Sideloading Windows Apps

We recently finished development of a Windows modern app and the client wanted to first test the app on several devices prior to making it fully available. Unfortunately, the Windows Store is a bit of a mess when we want to have limited/private distribution of an application. Unlike the Windows Phone Store which has this concept of a beta app (which was one of the features I had worked on!), if an app is published on the Windows Store, it is made available to everyone which isn't exactly wat we want...

What is Sideloading?

Due to a multitude of reasons (e.g. security), only modern apps that are delivered through the Windows Store are permitted to run on a machine. For development, testing, and enterprise scenarios, we can use a technique called sideloading to install and run apps that are not signed by the Windows Store.

How:

Distribute the output location folder that was produced in the previous step to all target machines

Execute the Add-AppDevPackage.ps1 script

The script will attempt to obtain and install a developer license. You can use either your Microsoft Account or a Windows Developer Account to do so. The license has a finite window of validity; license obtained using:

Microsoft Account must be renewed every 30 days

Windows Developer Account must be renewed every 90 days[^n]

Enterprise Sideloading

The world of enterprise is a little more complex and depends on the licensing agreement that is in place.

When to use:

If you are looking for a long-term solution or you are working on a line of business (LOB) app, this is likely your best bet.

Requirements:

Powershell on target machine

Target machine OS is one of: Windows 8, Windows 8.1, Windows RT

How:

Create app package (see above)

App Signing

The certificate used to sign the application must be a trusted CA on the device. This can be accomplished in one of two ways: (1) signing the app with a certificate rooted to a CA that is already trusted on the device or (2) adding the the certificate that was used to sign the app in the device's trust root cert store.

We can deploy the package using a variety of methods, each has its own pros/cons: Microsoft Deployment Toolkit, Windows InTune, System Center 2012 Configuration Manager. This post is only going to cover Microsoft Deployment Toolkit.